[CentOS] named log entries - Are any of these a problem?

Fri Oct 10 13:23:49 UTC 2014
Bill Gee <bgee at campercaver.net>

Hello everyone -

Update on this:  I did some more searching and discovered that OpenNIC is 
intended to replace the normal top-level DNS servers.  It's not just a simple  
forwarder.  I changed my forwarders to AlternateDNS.  

After two days I no longer get either of the checkhints messages shown below.  
The hints file has not changed - it still contains both A and AAAA records, but 
there is no longer any message about extra entries.  "Rndc dumpdb -all" shows 
that the opennic.glue entries have been flushed.  Dig will resolve names like 
ns2.opennic.glue, but ping fails.

That leaves the log messages about changing the clients-per-query.  More 
searching finally found me some documentation on the entry.  The log messages 
do not indicate a problem - they are just named doing some self-tuning.

Just in case, I added 

	clients-per-query 20
	max-clients-per-query 30

to the options section of my named.conf file.  I still get some messages about 
named changing clients-per-query, but I am going to just ignore them for now.

Bill Gee


On Wednesday, October 08, 2014 08:05:38 Bill Gee wrote:
> Hello everyone -
> 
> I run bind version 9.8.2 on CentOS 6.5.  The daily logwatch run sends me the
> following items.  Are any of these a real problem?
> 
> ============
> checkhints: extra NS 'A.ROOT-SERVERS.NET' in hints: 170 Time(s)
>     checkhints: extra NS 'B.ROOT-SERVERS.NET' in hints: 170 Time(s)
>     checkhints: extra NS 'C.ROOT-SERVERS.NET' in hints: 170 Time(s)
>     checkhints: extra NS 'D.ROOT-SERVERS.NET' in hints: 170 Time(s)
>     checkhints: extra NS 'E.ROOT-SERVERS.NET' in hints: 170 Time(s)
>     checkhints: extra NS 'F.ROOT-SERVERS.NET' in hints: 170 Time(s)
>     checkhints: extra NS 'G.ROOT-SERVERS.NET' in hints: 170 Time(s)
>     checkhints: extra NS 'H.ROOT-SERVERS.NET' in hints: 170 Time(s)
>     checkhints: extra NS 'I.ROOT-SERVERS.NET' in hints: 170 Time(s)
>     checkhints: extra NS 'J.ROOT-SERVERS.NET' in hints: 170 Time(s)
>     checkhints: extra NS 'K.ROOT-SERVERS.NET' in hints: 170 Time(s)
>     checkhints: extra NS 'L.ROOT-SERVERS.NET' in hints: 170 Time(s)
>     checkhints: extra NS 'M.ROOT-SERVERS.NET' in hints: 170 Time(s)
>     checkhints: unable to find root NS 'ns1.dnslibre.info' in hints: 147 Time(s)
>     checkhints: unable to find root NS 'ns1.opennic.glue' in hints: 170 Time(s)
>     checkhints: unable to find root NS 'ns10.opennic.glue' in hints: 170 Time(s)
>     checkhints: unable to find root NS 'ns2.dnslibre.info' in hints: 147 Time(s)
>     checkhints: unable to find root NS 'ns2.opennic.glue' in hints: 170 Time(s)
>     checkhints: unable to find root NS 'ns3.opennic.glue' in hints: 170 Time(s)
>     checkhints: unable to find root NS 'ns4.opennic.glue' in hints: 170 Time(s)
>     checkhints: unable to find root NS 'ns5.opennic.glue' in hints: 170 Time(s)
>     checkhints: unable to find root NS 'ns6.opennic.glue' in hints: 170 Time(s)
>     checkhints: unable to find root NS 'ns7.opennic.glue' in hints: 170 Time(s)
>     checkhints: unable to find root NS 'ns8.opennic.glue' in hints: 170 Time(s)
>     checkhints: unable to find root NS 'ns9.opennic.glue' in hints: 147 Time(s)
>     clients-per-query decreased to 10: 2 Time(s)
> (repeated many times with various numbers)
> ===================
> 
> The hints file DOES contain two entries for each of the ROOT-SERVERS.  One
> is the ipv4 address and the other is the ipv6 address.  I use the hints
> file downloaded from http://www.internic.net/domain/named.root .
> 
> The hints file does NOT contain any entries for the opennic.glue or
> dnslibre.info servers.  However, when I run "rndc -all", the output shows
> that bind has entries for those servers.  The names will resolve and answer
> ping.
> 
> I searched all over trying to find information on the clients-per-query
> setting.  My named.conf file does not contain an entry for
> clients-per-query. Is there some detailed documentation on this setting? 
> What does it really do?
> 
> Three more notes:  1) I see no problems in daily operation.  All web
> browsing works as does resolution for local machines.  2) This bind server
> does not get queries from outside my local network.  3) I use OpenNIC as
> the "forwarders" servers.  I used to use OpenDNS until they stopped
> handling Yahoo email correctly.
> 
> Thanks - Bill Gee
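An added example, not part of the original post: a small triage of the logwatch summary quoted in this thread, flagging the case where the root NS set named obtained differs from an IANA hints file (the alternate-root situation described above) and counting the clients-per-query tuning messages separately. The function name `triage` and the sample lines are constructed for illustration, and the code assumes "extra NS" means a name present only in the hints file while "unable to find root NS" means a name present only in the root NS set named obtained.

```python
import re

# Constructed sample: a few lines in the shape of the logwatch summary quoted
# in this thread, including the mail-client wrapping and "> " quote prefixes.
SAMPLE = """\
> checkhints: extra NS 'A.ROOT-SERVERS.NET' in hints: 170 Time(s)
>     checkhints: extra NS 'B.ROOT-SERVERS.NET' in hints: 170 Time(s)
>     checkhints: unable to find root NS 'ns1.dnslibre.info' in hints: 147
> Time(s)
>     checkhints: unable to find root NS 'ns2.opennic.glue' in hints: 170
> Time(s) clients-per-query decreased to 10: 2 Time(s)
"""

CHECKHINTS = re.compile(
    r"checkhints: (extra NS|unable to find root NS) '([^']+)' in hints: (\d+) Time\(s\)")
CPQ = re.compile(r"clients-per-query (?:increased|decreased) to \d+: (\d+) Time\(s\)")
IANA_ROOT = re.compile(r"[a-m]\.root-servers\.net\.?", re.I)


def triage(text):
    """Classify named entries from a logwatch summary (hypothetical helper)."""
    # Undo mail quoting and line wrapping so every entry matches in one pass.
    flat = " ".join(re.sub(r"^[ \t]*>[ \t]?", "", text, flags=re.M).split())

    in_hints_only, in_response_only = {}, {}
    for kind, name, count in CHECKHINTS.findall(flat):
        # Assumption: "extra NS" = only in the hints file,
        # "unable to find root NS" = only in the root NS set named obtained.
        target = in_hints_only if kind == "extra NS" else in_response_only
        target[name.lower()] = int(count)

    # Root NS names outside [a-m].root-servers.net come from another root.
    foreign = sorted(n for n in in_response_only if not IANA_ROOT.fullmatch(n))
    hints_are_iana = bool(in_hints_only) and all(
        IANA_ROOT.fullmatch(n) for n in in_hints_only)

    return {
        # IANA hints on disk plus a non-IANA root set in use: the upstream
        # path is serving an alternate root, whether intended or not.
        "alternate_root": bool(foreign) and hints_are_iana,
        "foreign_root_ns": foreign,
        # Self-tuning notices only; counted so they can be filtered out.
        "self_tuning_events": sum(int(c) for c in CPQ.findall(flat)),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

On a resolver that is not meant to use an alternate root, a non-empty `foreign_root_ns` is worth checking against the configured forwarders before the messages are dismissed as noise.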